May 31, 2004
Gaps Seen in 'Virtual Border' Security System
By JOHN MARKOFF and ERIC LICHTBLAU

omputer scientists and engineers are raising questions about a government plan to create a multibillion-dollar computer system of "virtual borders" intended to identify would-be terrorists entering the United States.

On Tuesday, the Department of Homeland Security plans to announce the award of a contract to extend the reach of its program, called U.S.-Visit, to permit the Customs service to capture fingerprints and other profile information on hundreds of millions of people who enter or leave the United States each year.

The system, which investigators estimate could cost as much as $15 billion over 10 years, is intended to help officials determine who should be prohibited from entering the country, to identify visitors who have overstayed or violated the terms of their admission, and to help law enforcement agencies track those who should be detained.

Supporters of the system argue that the database would have provided the means to apprehend some of the Sept. 11 terrorists who were known to the F.B.I., but, they say, could not be located before the attack.

The critics include some computer scientists and technologists, who maintain that the government has had a bad record in building computerized systems based on unproved technology. "All you have to do is look at the track record of other government agencies," said Willis H. Ware, a scientist at the RAND Corporation and a computer industry pioneer. The Internal Revenue Service, NASA and the Federal Aviation Administration have all fumbled large projects, he said.

The system will capture biometric data, like fingerprints, photographs and voiceprints, at 211 visa-issuing posts overseas beginning in October. It is intended as an early warning, providing customs and border officials instant access to a web of databases storing intelligence and law enforcement watch lists, profile data and information from foreign governments.

Computer scientists and security experts said that the problem facing border officials was in many ways similar to some of those faced by designers of antiballistic missile defenses. Despite decades of development work, antimissile systems cannot reliably detect and home in on enemy missiles that may be hidden in clouds of decoys.

Similarly, border control systems might detect individuals who appear in law enforcement or intelligence databases but provide little protection against attackers not yet known to the government.

"Trying to do some of these things is just beyond what we are able to do," said Nancy Levison, a Massachusetts Institute of Technology computer scientist who is an expert in complex systems and safety issues. "Look how long it took to get the baggage system at the new Denver airport to work."

Moreover, critics said the Department of Homeland Security had given the three contractors who are bidding on the project - Accenture, Lockheed Martin and the Computer Sciences Corporation - wide latitude in specifying the technology and capabilities of the U.S.-Visit system. In the past, government contracts for unproved technologies that were poorly defined have frequently been saddled with problems and led to big cost overruns.

"The government doesn't know how to buy software," said Barbara Corn, a retired software engineer who has served on NASA advisory panels. "They never have the requirements nailed down."

A Homeland Security Department spokesman, Dennis Murphy, replied that the initial phase of the U.S.-Visit project had come in on time and under budget. "It's not just theoretical now," Mr. Murphy said. "We know how the system works."

While acknowledging that it was almost impossible to catch terrorists without previous records or matching intelligence data, he said the system was intended to minimize the risk. "There is an enormous intelligence-gathering capability worldwide," Mr. Murphy added, "and we're working with partners around the world to feed information into our systems."

Accenture said its approach had been proved in other contracts like a project for the Defense Logistics Agency, where it had established that it could save tax money. "We have proven out the return on investment," said Eric Sting, project leader on Accenture's bid for the U.S.-Visit system. "We think there is a very compelling business rationale."

In addition to concerns about program management, several computer security experts warned that even if a system worked it might not justify the investment.

This point was first raised by the General Accounting Office in October 2002 in a review of the state of biometric identification techniques. It examined seven technologies that might be used for border control, including facial recognition, fingerprint recognition, hand geometry, iris recognition, retina recognition, signature recognition and speaker recognition. The agency estimated that such a system might cost $1.3 billion to $2.9 billion and then $700 million to $1.5 billion a year to operate.

"Whether the financial and nonfinancial costs are warranted by the benefits of greater security is a policy issue that should be determined before biometric technologies are implemented in a border control system," the report concluded.

A supplier of biometric equipment has also raised questions. VAS International, an Atlanta company that specializes in voice-recognition technology, has been lobbying in Washington against the way that biometrics have been used in some projects, saying it led to false positives and negatives.

The company noted the failure of the matrícula consular card issued by Mexico, which is supposed to be secure. Arrests of illegal aliens have turned up repeated cases of people with more than one forged card.

"U.S.-Visit isn't really designed to keep the terrorists out," said Marc E. Nolan, president of VAS International, which has sent a report to Congressional officials about what the company regards as drawbacks in the program.

He argued that restricting it to facial recognition - which has run into problems in some tests - or to other individual methods could cause problems because there are no strict standards in place. "To have one be the panacea for all of them isn't going to work," he said, adding that a varied approach was needed.

Critics also challenge the value of the basic goal of real-time ability for the system. Although this means that data would be immediately available on central control and border inspection computers, military analysts say there is a risk in coping with the vast amount of information that would be uncovered by a real-time tracking system.

"What the designers may have missed is the cost of false positives and false negatives in this kind of system," said Michael Schrage, a research associate at the M.I.T. Security Studies Program, who is concerned that so many alerts would be generated that it would be impossible to keep up with the deluge. "The whole notion of defining this problem as real time may be the challenge," he said. "What are the trade-offs?"

The Homeland Security Department's spokesman, Mr. Murphy, said that from experience so far, false positives would not be a major problem. He acknowledged that "one of the big issues with any big project like this is false positives." But the agency, he said, had processed more than four million travelers since January using photos and prints, and the false positive rate was less than one-tenth of 1 percent.

Several computer scientists also raised questions about the prospects for success of a project that had not been adequately tested.

"The real question," said Gordon Bell, a Microsoft computer researcher and former official at the National Science Foundation, "is how much homework have they done. They should have been running tests two years ago. When you build a big system, the key thing is to run some small experiments first."

Copyright 2004 The New York Times Company | Home | Privacy Policy | Search | Corrections | Help | Back to Top